Expected CRISC Exam Topics, as suggested by Isaca :

• Module 1: IT Risk Identification/ IT Risk Assessment
• Module 2: Risk Response and Mitigation
• Module 3: Risk and Control Monitoring and Reporting
• Module 4: Definitions and Objectives for the Four Areas
• Module 5: Task and Knowledge Statements
• Module 6: Confirms One’s Ability To Recognize And Gauge Threats And Vulnerabilities To The Organization’s People, Processes And Technology.
• Module 7: Attests To Advanced Skill In Identifying The Current State Of Existing Controls And Evaluating Their Effectiveness For It Risk Mitigation.
• Module 8: Tests Your Ability To Select And Implement Informed Risk Decisions That Are Well-Aligned And Enunciated Throughout The Organization.
• Module 9: Assesses Your Ability To Define And Establish Key Risk Indicators (Kris) And Thresholds Based On Available Data, To Enable Monitoring Of Changes In Risk. Self-Assessment Questions, Answers and Explanations
• Module 10: Suggested Resources For Further Study